Program Description: Serves as a SME Cyber Threat Hunter and Researcher in support of a major federal client.  This organization provides services that analyze and produce enhanced cyber security and threat intelligence information to include threats and potential threats to the customer’s information and information systems; provides timely and relevant technical analysis to assist with mitigating cyber threats confronting the Department; supports evaluation, implementation, and operations of tools/technologies used in advanced analysis. Responsible for the delivery of written and oral briefings to stakeholders and community partners across the Foreign Affairs community.  

The Cyber Threat Hunter and Researcher will support the customer’s overall cyber threat analysis efforts. Performs advanced analysis of adversary tradecraft, malicious code, and Advance Persistent Threat capabilities.   Analyzes computer, communication, network security events and exploits to determine security vulnerabilities and recommend remedial actions. Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents.  Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries.  This role is also responsible for developing alert criteria to improve incident response capabilities; as well as contributing to the development, writing, and reviewing of SOPs.

Candidate should possess experience with and knowledge of cyber threat and/or intelligence analysis.  Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.

Candidates MUST possess an active secret clearance and be eligible to obtain a Top Secret.

• A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired. Four (4) additional years of general experience (as defined below) may be substituted for the degree.

Certifications Desired:  GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Encase Certified Examiner (ENCE)

General Experience: 5-7 years of experience advanced technical analysis with increasing responsibilities. Demonstrated oral and written communications skills. 

• Good working knowledge of cyber threat analytics
• Previous experience working in cross functional and interdisciplinary project teams to achieve tactical and strategic objectives
• Proven ability to document and teach team members how to apply advanced analytic techniques to solve complex problems
• Solid understanding of enterprise IT cybersecurity operational environments

• Five years of experience in network security with a focus on computer forensics, static code reverse engineering, and advanced (packet) network analysis. Static code reverse engineering experience can be substituted by experience in similar skill in computer forensics, network analysis, mobile device forensics related to malicious code, network flow analysis, or other similar skill
• Three years of experience in intelligence or technical analysis with a focus on cyber threat analysis.
• Experience analyzing emerging technologies for potential attack vectors and developing mitigation strategies
• Ability to evaluate offensive and intelligence-based threat actors based on motivation and common TTPs
• Experience with gathering open-source and controlled intelligence to develop predictive understanding of adversarial strategies, priorities, and overlapping interests
• Demonstrated expertise in deploying and maintaining open source network security monitoring and assessment tools
• Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Reports   

The Mid-Level Web Development Engineer will be responsible for supporting the day-to-day operations and administration of the internal and external SharePoint sites as well as all Web-based solutions. The engineer will lead or participate in the full software development life cycle of SharePoint sites and web-based solutions. The engineer will be responsible for reviewing web sites for adherence to organization specifications and standards, providing experience in troubleshooting system-related problems and possess thorough knowledge of web design principles as well as proficiency with web publishing software and protocols. The engineer will have an excellent understanding of Object Oriented Design / Development and of end-to-end web application architecture, from the layout / user interface to relational database structures. The engineer will be highly self-motivated and adaptable to learning and understanding new technologies; have excellent communication skills; be able to effectively prioritize and manage multiple tasks to meet aggressive deadlines; and have the ability to work both independently and on a team producing quality work products with attention to detail.

• Codes, tests, debugs, implements, enhances, and documents ColdFusion and Microsoft Power Platform programs.
• Designs and develops systems to meet business needs.
• Provides analyses and assists team lead in preparing level-of-effort estimates.
• Assists in developing and validating system requirements.
• Mentors junior developers
• Remains abreast of industry technical trends and new development to maintain current skills and remain current with industry standards.

• U.S. Citizen and active Top Secret Security Clearance
• B.A., B.S. in Computer Science or related field or significant commensurate years of relevant experience designing, developing, and implementing web solutions.
• Minimum of four (4) years of experience in web design, web architecture, web development, interface design, or software design.
• In-depth experience developing web-based applications.
• Experience with designing and developing complex SharePoint sites consisting of multiple levels and accesses and integration of other applications (e.g., calendars, forms, workflows).
• Strong understanding of Web standards and protocols (HTML, XHTML, CSS, XML, AJAX, JavaScript, jQuery and Angular.JS).
• Ability to communicate to all levels of users (internal and external to Department of State), strong problem solving skills, adaptable, proactive, and willing to take ownership of projects.
• Strong commitment to quality through work products and documentation of activities/processes/procedures.
• Ability to conceptualize, present and execute ideas in a timely manner.
• Minimum of four (4) years of experience with Adobe ColdFusion Enterprise version 11 or higher; Including development with and administration within a locked-down environment
• Minimum of four (4) years of experience programming with SQL Server 2008 or higher relational database
• 4+ years of experience with Microsoft Office applications including Access, Project, PowerPoint, Visio, and InfoPath Designer
• 4+ years of experience with development related applications including Eclipse, ColdFusion Builder 2/3, JIRA (Agile), Bamboo or Jenkins Continuous Integration, Subversion or GIT repositories and Mylyn
• 4+ years of experience with managing and administration of Server 2008R2 Enterprise Operating System to include IIS7.x

• Security+ certification
• • CSSLP certification
• • GWeb certification
• • Demonstrated experience with Agile (Kanban) development methodologies
• • Knowledge of Accessibility / Section 508 compliance (U.S. Rehabilitation Act)

The Senior Cyber Security Engineer and Liaison works with a small team to provide technical expertise to a wide array of IT projects. The individual selected will serve as a liaison between a cyber security center and major IT programs to ensure that new technologies and capabilities are implemented effectively. The senior engineer will work to evaluate new technologies (e.g. social media) to ensure that they are architected to meet security objectives. Frequently, the senior cybersecurity engineer and liaison will provided detailed evaluation of how to securely incorporate new technologies into the customer’s IT capabilities. These recommendations are provided both verbally and in written forms to senior managers so that they can make informed risk-based decisions.
The senior cybersecurity engineer and liaison will also support the continuous evaluation of proposed changes to the customer’s IT infrastructure and capabilities. The senior cybersecurity engineer and liaison will focus on representing the cybersecurity program by providing specialized security expertise to specific programs.
The ideal candidate will have exceptional verbal and written communication skills and a solid understanding of cybersecurity trends and security risks. They also must have a firm understanding of large scale enterprise IT operations. They will also have experience with cybersecurity in the domains of vulnerability management, malware TTP’s, networking protocols, and cyber incident management.

• Represents Company to external and/or internal customers where issue analysis of situations or data requires an in-depth knowledge of organizational objectives.
• Develops solutions to problems of unusual complexity which require a high degree of ingenuity, creativity, and innovativeness. Exercises independent judgment in determining the methods, techniques, and evaluation criteria used in obtaining results.  Challenges are frequently unique and solutions may serve as precedent for future decisions.
• Effects of decisions are long-lasting and heavily influence the future course of the organization. Errors in judgment or failure to achieve results would result in the expenditure of large amounts of company resources.
• Work is performed without appreciable direction. Exercises considerable latitude in determining objectives and approaches to assignment.
• Serves as consultant to management and special external spokesperson for the organization on major matters pertaining to its policies, plans, and objectives.
• Provides technical expertise and professional recommendations, working independently and subject matter experts, to ensure the maximum protection by cybersecurity defenses.
• Prepare and provide written and verbal recommendations for mitigating cyber risks across a wide array of technologies.
• Supports numerous cybersecurity technical capabilities and infrastructure onsite and at several remote locations. Assist in new security tools deployment.
• Document the standard operating procedures for supporting each capability as well as recovering from any system degradation.
• Provide the requisite training on new capabilities and operational practices to other operations team members.
• Provide oral and written recommendations, in sufficient detail, to permit the sponsor to make an informed, independent decision on cyber security and threat related issues.
• Assist the sponsor in clarifying cyber security related policies and procedures, and determining technical solutions for cyber security issues.
• Promote awareness of cyber security related issues among key decision makers and ensure sound security principles are reflected in sponsors visions and goals.
• Provide weekly, or more often as required, updates to Cybersecurity Office management on cyber security related issues impacting sponsor and decisions reached.
• Provide general information security (INFOSEC) support.
• Conduct research pertaining to the latest cyber security threat vectors and technological advances.
• Complete technical and security reviews documenting the vulnerabilities and exposures of varying technologies, and potential mitigating techniques and configurations.
• Assist in the development of and response to Information Technology (IT) security policy.

Junior: 6 mos-1+ years of SOC experience

• One or more certifications, including but not limited to: CEH, Security + or equivalent. 

• Strong analytical skills.
• Strong oral and written communication skills
• Extremely detail oriented
• Working knowledge of one or more of the following tools desired:
• Remedy ticketing system or similar ticketing system
• Splunk
• Cyber Security background
• Basic understanding of Network protocols and packet analysis tools.
• Previous exposure to SOC incident handling and response activity.

Provides Threat and Gap Analysis support to a cabinet level federal agency. Contributes to a team of information assurance professionals working to improve technical security posture. Duties include writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.
Must possess eight (8) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with threat detection, gap analysis, threat hunting methodologies, and an understanding of the capability of hacking tools and how they are used to exploit vulnerabilities and features in enterprise networks. Previous Red Team work is a plus.
The candidate must be a self-starter with keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. In addition, the candidate should possess the following skill set:

• Experience analyzing Azure/O365 Logs and their logging platform (eg: Sentinel, Unified Audit Logs, Log Analytics, AAD Audit Logs, Office Activity Logs, etc)
• Advanced Splunk user with the ability to leverage the more advanced statistical features.
• Experience performing incident response using a modern EDR tool.
• Experience performing forensic analysis on the different flavors of Windows OS’s.
• Experience identifying gaps in analysis and creation of detection methodologies to address the gaps.
• Experience analyzing Network Security logs (eg: Firewall, Zeek (Bro))
• Experience with MITRE ATT&CK framework
• Be familiar with tools like Nessus, Burp, and Metasploit Framework/Pro.
• Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/*nix)
• Experience Scripting in languages such as PowerShell, Bash, Python, Perl or Ruby.
• Must be able to work alone or in a small group.

• Analyze and document Red Cell activity’s to identify detection gaps
• Resolve gaps found through monitoring Red Cell activities
• Create new detection methodologies that highlights suspicious activity
• Briefs executive summary and findings to stakeholders to include Sr. Leadership
• Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
• Provide support to incident response teams through capability enhancement and reporting.
• Mentor Jr and Mid staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.

The OTA Analyst conducts in-depth analysis of user activity data employing technical and non-technical disciplines to transform data into actionable information.
The primary area of responsibility for the analyst is to examine and analyze data, prioritize significant events for further investigation, correlate information with other information sources to establish context, and to compile noteworthy information into analytic reports for working groups and senior management.
Additionally, reviewing sensitive electronic and hard copy investigative and intelligence community reporting, collaborating with internal and external entities via working groups, conferences, or task forces, and preparing summary documents, briefings, assessments, graphical representations of data, and other written products is highly encouraged

The investigative analyst will perform user activity monitoring, analysis, and reporting, employing technical and non-technical disciplines to transform data into actionable information. The individual will be responsible for conducting in-depth analysis of user activity data and performing data acquisitions from live hosts located worldwide using various Windows and forensics tools, and ensuring chain of custody and control procedures. Detailed documentation of tasks performed is required to support active law enforcement investigations.

• Responsible for the analysis and reporting of technical and intelligence information to provide indications, analysis, and trends identified through behavioral analysis of data
• Perform assessments of malicious or suspicious activities to determine potential security risks
• Prepare comprehensive and detailed court-ready case documentation and written notes and reports regarding findings.
• Assist in the development of OTA program policies, processes, and procedures, provide user support, conduct group training sessions, and provide one-on-one tool training services to case agents and supporting personnel.
• Work location: Rosslyn, VA (full-time, on site)

• 4+ Experience in behavioral, audit, security, and/or policy compliance analysis
• Ability to work well with and accept challenges in a fast paced, dynamic, team-based environment
• Ability to write and execute SQL queries
• Experience with Splunk, EnCase, IBM SPSS platform using the Modeler module
• Proficiency in process automation using multiple scripting and development tools including, but not limited to: Shell scripting, PowerShell, Perl, Ruby, or Python
• Enterprise administrative support and deployment of multiple operating systems (e.g. Windows 2008, 2012, Linux)
• Experience in configuring and troubleshooting Windows servers
• Understand and utilize Active Directory Domain Services, DHCP, DNS, WINS, TCP/UDP Ports and Protocols
• Experience working in a virtualized environment (e.g. VMWare)
• Possesses an understanding of networking fundamentals
• Possesses working knowledge of firewall administration
• Strong quantitative and analytic abilities to analyze and validate data
• Ability to demonstrate effective organizational and technical skills
• Detail-oriented and have a strong delivery performance (ability to meet deadlines and requests efficiently, multi-task and establish priorities)
• Ability to quickly learn and understand various company systems
• Proficiency with MS Office Suite products (Excel, Word, Outlook, Visio, PowerPoint, etc.) and Server

• Knowledgeable of Database systems (Oracle and MS SQL)
• Experience with Direct Attached Storage/SAN and RAID.
• Experience with hardware and input/output evaluation and optimization
• Experience with Dell hardware
• Working knowledge of information security and IT standards like ISO27002, NIST, ITIL, etc.
• Experience with designing and implementing data models to drive threat analysis
• Knowledge of cyber threat indicators
• Ability to prepare and present briefings
• Technical knowledge of Microsoft Operating Systems

• Develop a complete understanding of emerging technology
• Support enterprise-class security systems
• Align emerging technologies with organizational security strategy
• Design security architecture elements in emerging technologies
• Extensive knowledge of security, cloud, and IT services
• Plan, research, and design security architectures for any IT project
• Create solutions that balance business requirements with innovation and security
• Identify security design gaps in proposed architectures and recommend changes
• Ensure organizational security policies and procedures are followed
• Regularly communicate with leadership

• 12+ years professional experience in a technical or IT related role
• 5+ years of security architecture experience
• Master’s degree in the field of computer science and/or equivalent work experience
• Knowledge of security operations, cloud services, vulnerability management, security governance, and risk management
• Knowledge scripting skills in Python, PowerShell, and BASH
• Team-oriented; skilled in working within a collaborative environment
• Outstanding written and verbal communication skills
• Highly self-motivated and directed
• Proven analytical and problem-solving abilities
• Familiar with Agile Framework for project management
• CISSP a MUST and other related industry certifications are recommended
• Must have an active Top Secret Clearance

Project supports the IT engineering team of a major federal customer providing security services including cyber incident response, threat analysis and security operations support. The Cyber Security Engineer will provide technical expertise working independently and/or with other engineers. The primary area of responsibility will be evaluating, integrating, and deploying new cybersecurity tools and capabilities. The individual will evaluate new security technologies and make appropriate recommendations to ensure technical assessment capabilities remain current. The ideal candidate will have a solid understanding of cyber security in the domains of security operations, security architecture, framework and standards, governance, and threat intelligence. This effort will require a skilled Systems Engineer in order to facilitate the implementation of industry standardized and consistent processes in support of systems integration and project management.

• 4+ years of Information Security, Systems Integration, Network Engineering, or System Engineering experience
• Strong troubleshooting skills, analytical problem solving ability, and organizational skills
• Knowledge of the system development life cycle and Project Management Framework.
• Excellent communication skills in technical, business, and client interactions
• Experience working in a dynamic and collaborative environment
• Linux/Unix system engineering and security hardening experience
• Windows system engineering and security hardening experience
• Experience configuring and hardening network switches, routers, and firewall

Daily Responsibilities:

• Serve as technical lead on assigned projects and interface directly with customers during requirements gather, system design, and implementation.
• Analyze market research and customer requirements; derive high-level system requirements and produce functional and technical requirements.
• Translate client requirements into major milestones and deliverables
• Perform system integration activities; Product evaluation, system builds/installation, system assessments, system transition (O&M)
• Draft supporting system documentation; system design, system diagram, system security plan, etc…

Experience with IDS/IPS products (Ex: Snort, Suricata, Cisco, ISS, McAfee)· Experience with network devices and boundary protections (Ex: Cisco Switching, Firewalls)· Experience with Packet Capture & Inspection technology (Ex: RSA Security Analytics, Netwitness, Moloch)· Experience working with Automated Dynamic Malware Analysis tools (FireEye)· Experience with Information and Event Management technology (SIEM, Splunk, Syslog, RSyslog)· Experiencing supporting Accreditation and Authorization process. Mitigating compliance audit and vulnerability findings· Experience working with Hypervisor and Virtualization technologies (VMware, Citrix, Microsoft Hyper, Red Hat)· Experience with Domain Service and Central Service management and deployment (Active Directory, DNS, DHCP, WSUS, NTP)

Rosslyn, VA

Mid. E/A

Secret, Top Secret desired

2 +

Preferred Requirements:

• CompTIA A+, Network +, Security +
• Microsoft Certified Professional (MCP)
• RedHat Certified Engineer, Linux +
• Microsoft Certified Solutions Engineer (MCSE)

Project Overview:
The Cyber Security Configuration Engineer will also evaluate various technical and policy questions, providing written responses to a wide range of audiences.
The ideal candidate will have base knowledge of cyber security principles and best practices, familiarity with Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs), a foundational knowledge of Windows and Linux server operating systems, and experience managing Active Directory

Key Personality traits that will do well in this environment

• Inquisitive by nature; you know where to look to find answers
• You enjoy collaboration and sharing information with other highly technical people.

Daily Responsibilities:

• Promote awareness of security issues among management and ensure sound security principles are reflected in organizations’ visions and goals.
• Research security threat vectors and participate in government and industry conferences and training that impact existing standards and/or principles and provide information to customer on potential impact
• Create bulletins, alerts, and/or advisories related to published or developmental standards and/or principle documents
• Ensure that rigorous application of information security/information assurance policies, principles, and practices are implemented in the delivery of all IT services.
• Evaluate a wide array of existing, new, modified, and/or emerging technologies and develop recommended security configuration baselines documents that implement Departmental policy, technical security solutions, and industry best practices in alignment with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) as much as possible
• Actively participate in respective change review and control boards, providing written and verbal recommendations
• Respond to various technical and policy questions from a wide range of customers/users with guidance and clarifications
• Promote awareness of cybersecurity standards and principles among the customer stakeholders, coworkers, and the Department users
• Collaborate with fellow team members and various internal and external stakeholders to share information and knowledge to establish and maintain a productive line of communication
• Streamline processes to improve efficiency of Mission goals
• Manage information and updates in SharePoint repositories
• Keep awareness of items involving fellow team members to provide back up support and coverage as needed

To fit into our environment, you must have these core skills:

• Clearance at the Secret level
• Excellent verbal and written communication skills
• Knowledge of cybersecurity and privacy principles
• Knowledge of Cyber Security National Policies, Directives, and Laws
• Knowledge of basic system, network, and OS hardening techniques
• Knowledge in interpreting functional requirements for projects and proposal
• 1-3 years’ experience developing and executing research plans
• 2-3 years’ experience working with Windows Server on an enterprise level
• 1-3 years’ experience managing Active Directory in a multi-domain environment.

Highly desired skills

• 2-3 years’ experience working with server/application virtualization on an enterprise level
• 2-3 years’ experience working with Red Hat Enterprise Linux servers on an enterprise level
• 2-3 years’ experience engineering/maintaining database infrastructure including SQL and Oracle
• 1-3 years’ experience working with Active Directory Federation Services (ADFS), Azure Active Directory
• 1-3 years’ experience developing and managing virtualized IT systems
• 1-3 years’ experience with networking technologies
• 1-3 years’ experience with configuration and/or administrating enterprise mobile device deployment

The ideal candidate will have exceptional verbal and written communication skills and a solid understanding of cybersecurity trends and security risks. They also must have a firm understanding of large scale enterprise IT operations. They will also have experience with cybersecurity in the domains of vulnerability management, malware TTPs, networking protocols, and cyber incident management.

• Represents Company to external and/or internal customers where issue analysis of situations or data requires an in-depth knowledge of organizational objectives.
• Develops solutions to problems of unusual complexity which require a high degree of ingenuity, creativity, and innovativeness. Exercises independent judgment in determining the methods, techniques, and evaluation criteria used in obtaining results. Challenges are frequently unique and solutions may serve as precedent for future decisions.
• Effects of decisions are long-lasting and heavily influence the future course of the organization. Errors in judgment or failure to achieve results would result in the expenditure of large amounts of company resources.
• Work is performed without appreciable direction. Exercises considerable latitude in determining objectives and approaches to assignment.
• Serves as consultant to management and special external spokesperson for the organization on major matters pertaining to its policies, plans, and objectives.
• Provides technical expertise and professional recommendations, working independently and subject matter experts, to ensure the maximum protection by cybersecurity defenses.
• Prepare and provide written and verbal recommendations for mitigating cyber risks across a wide array of technologies.
• Supports numerous cybersecurity technical capabilities and infrastructure onsite and at several remote locations. Assist in new security tools deployment.
• Document the standard operating procedures for supporting each capability as well as recovering from any system degradation.
• Provide the requisite training on new capabilities and operational practices to other operations team members.
• Provide oral and written recommendations, in sufficient detail, to permit the sponsor to make an informed, independent decision on cyber security and threat related issues.
• Assist the sponsor in clarifying cyber security related policies and procedures, and determining technical solutions for cyber security issues.
• Promote awareness of cyber security related issues among key decision makers and ensure sound security principles are reflected in sponsors visions and goals.
• Provide weekly, or more often as required, updates to Cybersecurity Office management on cyber security related issues impacting sponsor and decisions reached.
• Provide general information security (INFOSEC) support.
• Conduct research pertaining to the latest cyber security threat vectors and technological advances.
• Complete technical and security reviews documenting the vulnerabilities and exposures of varying technologies, and potential mitigating techniques and configurations.
• Assist in the development of and response to Information Technology (IT) security policy.